E-commerce has become a standard means by which business is being done in the modern world. As a result, new technologies and legal regimes have been developed to support this shift in how businesses and consumers alike are transacting.
But, if you sign up to a contract electronically, how can you be sure that the terms you have agreed are legally binding? In this blog, we consider the legality of electronic signatures.
The legal regime
Despite the use of e-signatures only becoming more common in recent times, a regulatory regime has been in place since 2000. However, there was limited uptake, and the European Commission perceived that this was due to a lack of confidence in the technology and the law. As such, the Commission developed a consistent European framework for the use of electronic signatures and online authentication, in the form of the Electronic Identification Regulation (the Regulation), which came into force in 2014 and has had direct effect in EU member states since 2016.
What is an E-signature?
Put simply, an electronic signature, or e-signature, is a means by which a document may be signed online without the need to put pen to paper.
The Regulation governs the use of many forms of e-signature, including electronic seals (used by corporate entities), electronic time stamps, and electronic registered delivery services. Under the Regulation, each type of authentication is broadly treated in the same way as e-signatures.
Categories of E-signature
The Regulation sets out three categories of electronic signature: simple; advanced and qualified. Each is an effective way of executing a document online, and the Regulation confirms that e-signatures are legally binding.
Examples of ‘simple’ e-signatures include typewritten names (such as at the end of an email), scanned copies of handwritten signatures and ticking a box on an electronic document stating “I agree”.
However, in order to qualify as an ‘advanced’ electronic signature, the signature must be: (i) uniquely linked to the signatory; (ii) capable of identifying the signatory; (iii) created using electronic signature creation data that the signatory can (with a high level of confidence) use under his sole control; and (iv) linked to the data signed therewith in such a way that any subsequent change is detectable. This definition softened the previous legal stance, which placed on absolute obligation on the signatory to retain ‘sole control’ of the data which implied physical control of the data, and potentially excluded cloud-based signature creation devices. And, as we all know, computers can be hacked. The new definition clarifies that the use of appropriate security measures will suffice, and acknowledges that, practically speaking, absolute control may be difficult to achieve.
A ‘qualified’ e-signature has the most onerous requirements. It is essentially an advanced e-signature, which is created by a qualified electronic signature device, based on a qualified certificate for e-signatures. A qualified electronic signature device is signature generation device certified and approved for use to create qualified e-signatures. A qualified certificate for e-signatures is a certificate issued by a Qualified Trust Services Provider (more on Trust services Providers below).
It is worth pointing out that there is a slight distinction between the use of e-signatures by natural persons (i.e. individuals) and legal persons (i.e. corporate entities). Electronic signatures can only be used by individuals and not corporate entities, but e-signatures can still be used by individuals to bind corporate entities in the same way that a written signature. However, if an agreement is to be executed by a corporate entity itself (as opposed to by an individual on a corporate entity’s behalf), a corporate seal should be used.
Verifying authenticity was historically one of the major challenges to the perceived trustworthiness of e-signatures. However, the establishment of ‘Trust Service Providers’, namely companies that provide services that can verify or validate e-signatures and other forms of electronic authentication, has gone some way to boost confidence around the validity of e-signatures. Examples of trust services include the creation, verification and validation of e-signatures, seals, time stamps and certificates for website authentication. Trust Service Providers are also regulated by the Information Commissioner’s Office (the ICO).
It is also vitally important to ensure that when signing documents online, you do so through a secure site. As such, website authentication is important. A website that benefits from website authentication is simply a website that has a digital certificate linking it to the business or person that you are dealing with. Ideally, we would recommend avoiding the execution of any type of online e-signature through a site that does not have this, as there is no guarantee it is secure.
Would you like to know more about electronic signatures from a legal standpoint? Please get in touch with our team here at Pannone Corporate. You can do so by either calling the team on 0800 131 3355 or by filling out our contact form.